web/quotes: require login for all pages

...except things under /accounts/, because I generally just trust that to do
access control for me.
This commit is contained in:
Luke Granger-Brown 2021-01-20 18:14:22 +00:00
parent 7ec8e08ff0
commit ee3299223a
5 changed files with 25 additions and 3 deletions

View file

@ -0,0 +1,15 @@
from django.contrib.auth.decorators import login_required
class LoginRequiredMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def is_open_url(self, path_info):
return path_info.startswith('/accounts/')
def __call__(self, request):
if not self.is_open_url(request.path_info):
return login_required()(self.get_response)(request)
return self.get_response(request)

View file

@ -60,6 +60,7 @@ MIDDLEWARE = [
"django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.auth.middleware.AuthenticationMiddleware",
"django.contrib.messages.middleware.MessageMiddleware", "django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware", "django.middleware.clickjacking.XFrameOptionsMiddleware",
"quotes.quotesapp.middleware.LoginRequiredMiddleware",
] ]
ROOT_URLCONF = "quotes.quotesapp.urls" ROOT_URLCONF = "quotes.quotesapp.urls"

View file

@ -16,15 +16,14 @@ Including another URLconf
from django.contrib import admin from django.contrib import admin
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
from django.urls import include, re_path, path from django.urls import include, re_path, path
from django.views.generic import TemplateView
import allauth.urls import allauth.urls
import quotes.quotedb.urls import quotes.quotedb.urls
# Monkeypatch the login_required decorator onto /admin.
admin.site.login = login_required(admin.site.login)
urlpatterns = [ urlpatterns = [
path("admin/", admin.site.urls), path("admin/", admin.site.urls),
path("accounts/", include(allauth.urls)), path("accounts/", include(allauth.urls)),
path("accounts/logged_out/", TemplateView.as_view(template_name='account/logged_out.html')),
re_path(r"", include(quotes.quotedb.urls)), re_path(r"", include(quotes.quotedb.urls)),
] ]

View file

@ -0,0 +1,6 @@
{% extends "alert.html" %}
{% block title %}Logged out{% endblock %}
{% block content_title %}Logged <span class="text-bfobOrange">Out</span>{% endblock %}
{% block content_text %}Bye, I guess.{% endblock %}

View file

@ -24,6 +24,7 @@
{% if user.is_authenticated %} {% if user.is_authenticated %}
<form action="/accounts/logout/" method="POST"> <form action="/accounts/logout/" method="POST">
{% csrf_token %} {% csrf_token %}
<input type="hidden" name="next" value="/accounts/logged_out/">
<button type="submit" class="px-4 py-1 rounded-full text-sm border border-bfobOrange text-bfobOrange hover:border-transparent hover:bg-bfobOrange hover:text-bfobGray-dark">Logout</button> <button type="submit" class="px-4 py-1 rounded-full text-sm border border-bfobOrange text-bfobOrange hover:border-transparent hover:bg-bfobOrange hover:text-bfobGray-dark">Logout</button>
</form> </form>
{% else %} {% else %}